| Index: src/images/SkImageDecoder_libpng.cpp
|
| diff --git a/src/images/SkImageDecoder_libpng.cpp b/src/images/SkImageDecoder_libpng.cpp
|
| index 7ff15584c4fb3f592eb36077a8726047cf4404af..01b7c69c257522586987487b51443787a2b40b7a 100644
|
| --- a/src/images/SkImageDecoder_libpng.cpp
|
| +++ b/src/images/SkImageDecoder_libpng.cpp
|
| @@ -911,8 +911,7 @@ bool SkPNGImageDecoder::onDecodeSubset(SkBitmap* bm, const SkIRect& region) {
|
| for (int i = 0; i < number_passes; i++) {
|
| png_configure_decoder(png_ptr, &actualTop, i);
|
| for (int j = 0; j < rect.fTop - actualTop; j++) {
|
| - uint8_t* bmRow = (uint8_t*)decodedBitmap.getPixels();
|
| - png_read_rows(png_ptr, &bmRow, png_bytepp_NULL, 1);
|
| + png_read_rows(png_ptr, &base, png_bytepp_NULL, 1);
|
| }
|
| uint8_t* row = base;
|
| for (int32_t y = 0; y < rect.height(); y++) {
|
| @@ -935,8 +934,7 @@ bool SkPNGImageDecoder::onDecodeSubset(SkBitmap* bm, const SkIRect& region) {
|
| skip_src_rows(png_ptr, srcRow, sampler.srcY0());
|
|
|
| for (int i = 0; i < rect.fTop - actualTop; i++) {
|
| - uint8_t* bmRow = (uint8_t*)decodedBitmap.getPixels();
|
| - png_read_rows(png_ptr, &bmRow, png_bytepp_NULL, 1);
|
| + png_read_rows(png_ptr, &srcRow, png_bytepp_NULL, 1);
|
| }
|
| for (int y = 0; y < height; y++) {
|
| uint8_t* tmp = srcRow;
|
|
|
Chromium Code Reviews
Issue 423473003:
Fix image decoder memory overwrite bug. (Closed)
Base URL: https://skia.googlesource.com/skia.git@master